• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-16459

February 26, 2023 by

An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser.

CVE-2018-16468

February 26, 2023 by

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

CVE-2018-16471

February 26, 2023 by

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to ‘http’ or ‘https’ and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.

CVE-2018-16474

February 26, 2023 by

A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript.

CVE-2018-16480

February 26, 2023 by

A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.

CVE-2018-16481

February 26, 2023 by

A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 427
  • Go to page 428
  • Go to page 429
  • Go to page 430
  • Go to page 431
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE